Category:Security

Revision as of 10:38, 5 July 2019 by Emmy Fu (talk | contribs) (Overview)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Revision as of 10:38, 5 July 2019 by Emmy Fu (talk | contribs) (Overview)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page is meant to organize categories, please see the below listings to navigate the sub-categories and articles.

 This category contains articles related to SmartSimple security. 

Overview

SmartSimple handles client data with the utmost integrity. Security features and functionality exist at all levels of our system - from administrative controls to encrypted servers which are securely housed in a SSAE 16 (SAS 70*) data center. 

Within our system, our internal system security is a two-tier model:

  • User access is firstly hierarchically-dependent and can furthermore be restricted by role; field-level security is also based on role 
  • Manager permissions control access to higher-level functions within s 

The below chart is a broad overview of our security licenses and features: 

Certifications, Memberships & Compliance
  • SmartSimple and its hosting partners are all SOC 2 certified  
  • SSAE 16 (The United States)*
  • CSAE 3416 (Canada) 
  • FS-ISAC (Financial Services - Information Sharing and Analysis Center)
Encryption & Protection
  • SHA 256 Password Encryption 
  • SSL (128/1024) Encryption
  • Closed ports - otherwise, communication is using HTTP port 80 or HTTPS port 443
  • All outward-facing URLs (external sign-ups, logins, or other entries) are encrypted
  • Encrypted severs (provides protection from "bare metal attacks") 
  • DDoS shield
Role-Based Permissions
  • The creation of user roles define levels of access - this is a central feature of the SmartSimple platform 
  • This user level control ensures that information is only accessible to those who are authorized
  • Access policies are configurable to be as granular as necessary 
  • See Also: Organization-Based Security
Applicant Screening

We've built in comprehensive screen options through OFAC and GuideStar™. 

We also integrate with international tax authorities to verify charitable status:

  • The Internal Revenue Service (IRS) 
  • The Canadian Revenue Agency (CRA) 
  • The Australian Business Register
  • Charity Commissioners (UK) 
System Lockdown At the first sign of an attempted breach of security, your SmartSimple instance can be placed on lockdown. This ensures that access is limited to parties who are addressing the security concern.
Forensic Auditing With your permission, SmartSimple can track system usage and provide you with detailed access reports. This may help to identify any unauthorized access resulting from issues such as shared passwords and malicious data manipulating.
Reader Log and Field Change Tracking All field changes are tracked and auditable. 
Two-Factor Authentication Protect your organization and system by requiring an additional layer of user verification beyond a username and password. Two-factor authentication drastically reduces the incidence of online identity theft and fraud. 
  • SSAE 16 supersedes Statement on Auditing Standards (SAS) No. 70 with the professional guidance for performing a service auditor's examination. 
  • Our hosting server, AWS (Amazon Web Services), is FedRAMP authorized, follows ISO 27001 best practice guidance, and is a PCI DSS Level 1 Service Provider.

Subcategories

This category has the following 3 subcategories, out of 3 total.

A

S

Pages in category ‘Security’

The following 59 pages are in this category, out of 59 total.